CVE-2012-3469 - Vulnerability Details - OpenCVE

ReportizFlow

Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ushahidi	Ushahidi Platform

Configuration 1 [-]

OR	cpe:2.3:a:ushahidi:ushahidi_platform::::::::
	cpe:2.3:a:ushahidi:ushahidi_platform:1.0:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:1.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.0:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.1:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:::::::*
	cpe:2.3:a:ushahidi:ushahidi_platform:2.4:::::::*

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2012/08/09/5
https://github.com/ushahidi/Ushahidi_Web/commit/68d9916
https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919
https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c
https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-08-12T21:00:00Z

Updated: 2024-09-17T03:37:24.200Z

Reserved: 2012-06-14T00:00:00Z

Link: CVE-2012-3469

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-08-12T21:55:01.417

Modified: 2024-11-21T01:40:56.500

Link: CVE-2012-3469

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-08-12T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"}, {"name": "[oss-security] 20120809 Re: CVE request for Ushahidi", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/08/09/5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2012-3469", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66", "refsource": "CONFIRM", "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"}, {"name": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919", "refsource": "CONFIRM", "url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"}, {"name": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916", "refsource": "CONFIRM", "url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"}, {"name": "[oss-security] 20120809 Re: CVE request for Ushahidi", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2012/08/09/5"}, {"name": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c", "refsource": "CONFIRM", "url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T20:05:12.648Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"}, {"name": "[oss-security] 20120809 Re: CVE request for Ushahidi", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/08/09/5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-3469", "datePublished": "2012-08-12T21:00:00Z", "dateReserved": "2012-06-14T00:00:00Z", "dateUpdated": "2024-09-17T03:37:24.200Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "984B26E4-C672-46DF-B26B-8CAAEDBDFEB0", "versionEndIncluding": "2.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "86468BDD-17C2-49CC-A488-F38CC8630979", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E8EBC5A6-4FB0-4385-8299-5D6298977534", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "826225E4-F4F8-4FB6-AFAF-23CD6720CE5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6754F1ED-E827-433C-8F50-71F04293EEB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B1BC250-09BC-4051-ABEE-8B8FE1558279", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5D260CD2-5483-48D2-87B9-C0298F5F2B23", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "489F7397-CF33-42C5-AF46-956D5692C6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "B1C84D59-409A-4E73-A65A-8B12594B61DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ushahidi:ushahidi_platform:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8A004E65-AFA7-4551-BA2B-8EF9450B0684", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in application/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, or (4) the location API in application/libraries/api/MY_Locations_Api_Object.php and application/models/location.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la Plataforma Ushahidi anterior a v2.5 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de vectores relacionados con (1) la funcionalidad de mensajes de administrador en \r\napplication/controllers/admin/messages.php, (2) application/libraries/api/MY_Checkin_Api_Object.php, (3) application/controllers/admin/messages/reporters.php, o (4) la API de localizaci\u00f3n en application/libraries/api/MY_Locations_Api_Object.php y application/models/location.php."}], "id": "CVE-2012-3469", "lastModified": "2024-11-21T01:40:56.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-08-12T21:55:01.417", "references": [{"source": "[email protected]", "url": "http://openwall.com/lists/oss-security/2012/08/09/5"}, {"source": "[email protected]", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"}, {"source": "[email protected]", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"}, {"source": "[email protected]", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"}, {"source": "[email protected]", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/08/09/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/68d9916"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/6f6a919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/a11d43c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://github.com/ushahidi/Ushahidi_Web/commit/e0e2b66"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}